diff options
author | Todd C. Miller <Todd.Miller@courtesan.com> | 2003-12-31 22:46:10 +0000 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@courtesan.com> | 2003-12-31 22:46:10 +0000 |
commit | 52843b0dc161d73e53f37ec10fbf44ae49524402 (patch) | |
tree | 4a41353744b9dfb2c9183bec58e1ec3c12841cc0 /auth | |
parent | 73ccc11b5f4ec159b39b25fac1f50c201e29b9dc (diff) | |
download | sudo-52843b0dc161d73e53f37ec10fbf44ae49524402.tar.gz |
Add a zero_bytes() function to do the equivalent of bzero in such a
way that will heopfully not be optimized away by sneaky compilers.
Diffstat (limited to 'auth')
-rw-r--r-- | auth/aix_auth.c | 4 | ||||
-rw-r--r-- | auth/bsdauth.c | 4 | ||||
-rw-r--r-- | auth/fwtk.c | 8 | ||||
-rw-r--r-- | auth/pam.c | 13 | ||||
-rw-r--r-- | auth/sudo_auth.c | 4 |
5 files changed, 16 insertions, 17 deletions
diff --git a/auth/aix_auth.c b/auth/aix_auth.c index 1bbb0df8d..ae8fc0763 100644 --- a/auth/aix_auth.c +++ b/auth/aix_auth.c @@ -74,7 +74,7 @@ aixauth_verify(pw, prompt, auth) char *prompt; sudo_auth *auth; { - volatile char *pass; + char *pass; char *message; int reenter = 1; int rval = AUTH_FAILURE; @@ -83,7 +83,7 @@ aixauth_verify(pw, prompt, auth) if (pass) { if (authenticate(pw->pw_name, (char *)pass, &reenter, &message) == 0) rval = AUTH_SUCCESS; - memset(pass, 0, strlen(pass)); + zero_bytes(pass, strlen(pass)); } return(rval); } diff --git a/auth/bsdauth.c b/auth/bsdauth.c index 0b147d554..4b6b29d7d 100644 --- a/auth/bsdauth.c +++ b/auth/bsdauth.c @@ -116,7 +116,7 @@ bsdauth_verify(pw, prompt, auth) char *prompt; sudo_auth *auth; { - volatile char *pass; + char *pass; char *s; size_t len; int authok = 0; @@ -165,7 +165,7 @@ bsdauth_verify(pw, prompt, auth) if (pass) { authok = auth_userresponse(as, (char *)pass, 1); - memset(pass, 0, strlen(pass)); + zero_bytes(pass, strlen(pass)); } /* restore old signal handler */ diff --git a/auth/fwtk.c b/auth/fwtk.c index b8b19b539..1fe52aab6 100644 --- a/auth/fwtk.c +++ b/auth/fwtk.c @@ -114,8 +114,8 @@ fwtk_verify(pw, prompt, auth) char *prompt; sudo_auth *auth; { - volatile char *pass; /* Password from the user */ - volatile char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */ + char *pass; /* Password from the user */ + char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */ char resp[128]; /* Response from the server */ int error; extern int nil_pw; @@ -166,8 +166,8 @@ fwtk_verify(pw, prompt, auth) warnx("%s", resp); error = AUTH_FAILURE; done: - memset(pass, 0, strlen(pass)); - memset(buf, 0, strlen(buf)); + zero_bytes(pass, strlen(pass)); + zero_bytes(buf, strlen(buf)); return(error); } diff --git a/auth/pam.c b/auth/pam.c index 114ac301c..c8d83e2bf 100644 --- a/auth/pam.c +++ b/auth/pam.c @@ -190,16 +190,16 @@ sudo_conv(num_msg, msg, response, appdata_ptr) struct pam_response **response; VOID *appdata_ptr; { - volatile struct pam_response *pr; + struct pam_response *pr; PAM_CONST struct pam_message *pm; const char *p = def_prompt; - volatile char *pass; + char *pass; int n, flags; extern int nil_pw; if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) return(PAM_CONV_ERR); - (void) memset(*response, 0, num_msg * sizeof(struct pam_response)); + zero_bytes(*response, num_msg * sizeof(struct pam_response)); for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) { flags = tgetpass_flags; @@ -217,7 +217,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr) if (*pr->resp == '\0') nil_pw = 1; /* empty password */ else - memset(pass, 0, strlen(pass)); + zero_bytes(pass, strlen(pass)); break; case PAM_TEXT_INFO: if (pm->msg) @@ -233,13 +233,12 @@ sudo_conv(num_msg, msg, response, appdata_ptr) /* Zero and free allocated memory and return an error. */ for (pr = *response, n = num_msg; n--; pr++) { if (pr->resp != NULL) { - (void) memset(pr->resp, 0, strlen(pr->resp)); + zero_bytes(pr->resp, strlen(pr->resp)); free(pr->resp); pr->resp = NULL; } } - (void) memset(*response, 0, - num_msg * sizeof(struct pam_response)); + zero_bytes(*response, num_msg * sizeof(struct pam_response)); free(*response); *response = NULL; return(PAM_CONV_ERR); diff --git a/auth/sudo_auth.c b/auth/sudo_auth.c index 6f70c0b46..cb35774d8 100644 --- a/auth/sudo_auth.c +++ b/auth/sudo_auth.c @@ -117,7 +117,7 @@ verify_user(pw, prompt) int success = AUTH_FAILURE; int status; int flags; - volatile char *p; + char *p; sudo_auth *auth; sigaction_t sa, osa; @@ -202,7 +202,7 @@ verify_user(pw, prompt) } #ifndef AUTH_STANDALONE if (p) - (void) memset(p, 0, strlen(p)); + zero_bytes(p, strlen(p)); #endif /* Exit loop on nil password, but give it a chance to match first. */ |